The firm warned, “Performing the entire attack—connecting the device to the ATM, bypassing security, and collecting the cash—would take just 10 minutes on some ATM models.” * While certainly not the first to show how easily fingerprint biometric security can be undermined, New York University researchers used a neural network to generate fake fingerprints, dubbed DeepMasterPrints, which work like a master key does to locks. If successfully exploited, an attacker could “join the router’s network without the required credentials and mount further attacks against users of the network.” * After software developer Tim Cotton disclosed a “strange” Gmail bug that could be used as a phishing vector, it led to others revealing a collection of other Gmail-related bugs. * Imperva published a report about a patched Facebook privacy bug that could have allowed websites to extract private information about users and their contacts. * The founder of Privacy4Cars, a mobile app for scrubbing PII from modern vehicles, warned of “CarBlues” malware, which spreads via Bluetooth to exploit infotainment systems. The hack allegedly would allow attacker to “access stored contacts, call logs, text logs, and in some cases even full text messages without the vehicle's owner/user being aware - and without the user's mobile device being connected to the system.” * A group of researchers revealed seven new Meltdown and Spectre attacks. * NBC Chicago warned that hackers can “easily drain” cash from Zelle, a popular mobile banking app for transferring money; over 100 banks use Zelle. * A plethora of security firms are urging users to be careful about buying online Black Friday and Cyber Monday sales, as the shopping season is a peak time for scammers.